@rem 创建CA根证书
openssl genpkey -algorithm RSA -out ca.key -pkeyopt rsa_keygen_bits:4096
openssl req -new -key ca.key -out ca.csr -subj "/C=CN/ST=Beijing/L=Beijing/O=My Root CA/CN=My Root CA"
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt -extensions v3_ca -extfile ca.cnf
@rem 创建Server证书
openssl genpkey -algorithm RSA -out server.key -pkeyopt rsa_keygen_bits:2048
openssl req -new -key server.key -out server.csr -subj "/C=CN/ST=Beijing/L=Beijing/O=My Company/CN=localhost/CN=127.0.0.1/CN=192.168.6.173"
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650 -extensions v3_server -extfile server.cnf
